Do you see the icmp request arriving on the external interface of the firewall?
YES. The firewall sees incoming icmp requests arriving at the External interface. If you see the icmp packet arriving on you fw's external interface then start a tcpdump on the internal network to see if the fw puts the icmp request on the local lan. NO. The icmp traffics never made it to the Internal interface. As I've said before, everything works with NG-AI R55 with HFA_20. With the same idential setup on NGx R61 with HFA_02 or NGx R65, after performing "cpstop;cpstart", static NAT does not work. Solution is to reboot the firewall. Any ideas? Thanks Robby Cauwerts <[EMAIL PROTECTED]> wrote: On 8/3/07, cisco4ng wrote: > > > However, if I do "cpstop;cpstart" on the > SPLAT enforcement module, hosts residing on > the External network CAN NOT ping host > 129.174.1.12. Several attempts to push > the policy did not sovle it. When > I do "fw ctl arp" on the SPLAT box, I see > this: Do you see the icmp request arriving on the external interface of the firewall? tcpdump -ni ext-int-name icmp If not, is the fw responding to the arp request from your upstream router: tcpdump -ni ext-int-name arp If you see the icmp packet arriving on you fw's external interface then start a tcpdump on the internal network to see if the fw puts the icmp request on the local lan. Come back with the results of those checks. (before going into troubleshooting clusterXL issues) Br. Robby ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= --------------------------------- Choose the right car based on your needs. Check out Yahoo! Autos new Car Finder tool. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
